Software Integrity Blog

Author Archive

Robert Vamosi

Posts by Robert Vamosi:

New risk assessments for old medical device security flaws

On Wednesday, representatives from MITRE proposed risk assessments for medical devices using existing frameworks.

Posted in Medical Device Security

SEC warns on financial services cybersecurity risks

According to the US Securities and Exchange Commission chair, cyber hacking is the biggest risk facing the world’s financial markets today.

Posted in Financial Services Security, Software Architecture and Design

Serious Symantec AV engine vulnerability to be patched

Google Project Zero researcher Tavis Ormandy disclosed a remote heap/pool memory corruption vulnerability in all versions of Symantec and Norton branded antivirus products.

Posted in Software Architecture and Design

Backdoor vulnerability affects Chinese ARM-based prototyping devices, others

Researchers have found that a Chinese chip manufacturer for low-cost Android tablets, set-top boxes, ARM-based PCs, and other devices has shipped a vulnerable Linux kernel in its latest product.

Posted in Software Architecture and Design

Privilege escalation vulnerability hits Lenovo Solution Center software

There is a serious privilege escalation vulnerability in software that is included with every Lenovo laptop. Fortunately, the company has now released a patch.

Posted in Software Architecture and Design

ImageMagick vulnerability could allow remote attacks using malformed image files

A vulnerability in a popular software suite used to resize and re-produce image files in a variety of file formats could also allow remote command execution on a compromised web site.

Posted in Software Architecture and Design

Podcast: Software security and the connected car

Today the average new car has more lines of software code than has the Hubble Space Telescope, a Boeing 787 Dreamliner, and all the source code on your favorite social media app, Facebook, combined. And that’s just the beginning. In the not so distant future, your car will become no less than a mobile data center, capable of supporting a variety of new protocols.

Posted in Automotive Security

6 years later, ‘Stuxnet’ vulnerability remains exploited

In a recent report, Microsoft found that among the exploit-related malware families it detected during 2015 was one exploiting a well-publicized, six-year-old vulnerability.

Posted in General, Internet of Things

Fitbit IoT bathroom scale hit with critical vulnerabilities

Users of Fitbit’s Aria internet-connected smart scales will need to install a firmware patch as a result of critical security flaws reported last week.

Posted in Internet of Things

Anti-virus scan shuts down medical device … During a procedure

In February 2016, a patient undergoing a routine cardiac catheterization procedure had to remain sedated for five additional minutes while the device rebooted as the result of an anti-virus scan.

Posted in Medical Device Security